212 matches found

Cloud Foundry
added 2017/11/27 12:0 a.m., 67 views

USN-3485-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry

Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 14.04. Description: USN-3485-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.0...

CVSS 7.8, AI score 8, EPSS 0.00393
Exploits: 4

Zero Day Initiative
added 2017/08/08 12:0 a.m., 21 views

Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3, AI score 2.3, EPSS 0.08664
Exploits: 0, References: 1

Veracode
added 2017/07/31 12:39 a.m., 17 views

Unrestricted File Upload

in2code/powermail is vulnerable to an unrestricted file upload vulnerability. By uploading files with an executable file extension, attackers are able to execute arbitrary code...

CVSS 7.5, AI score 6.8, EPSS 0.01727
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2017/06/26 9:29 p.m., 15 views

CVE-2017-6325

The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an...

CVSS 6.6, AI score 6.8, EPSS 0.03374
Exploits: 0, References: 3

OpenVAS
added 2017/03/21 12:0 a.m., 28 views

CentOS Update for firefox CESA-2017:0558 centos7

Check the version of firefox SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882683";...

CVSS 9.8, AI score 8.4, EPSS 0.00371
Exploits: 1, References: 2

CNVD
added 2016/12/27 12:0 a.m., 1 views

OWASP AntiSamy Security Bypass Vulnerability

OWASP AntiSamy is a library for HTML and CSS coding from the OWASP Foundation in the United States. A security bypass vulnerability exists in OWASP AntiSamy. An attacker can exploit this vulnerability by submitting specially crafted input to bypass the library's security protections and submit...

CVSS 6.1, AI score 6.8, EPSS 0.00539
Exploits: 0, References: 1

NVD
added 2016/12/24 6:59 p.m., 17 views

CVE-2016-10006

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS...

CVSS 6.1, AI score 6.2, EPSS 0.00539
Exploits: 0, References: 3

Prion
added 2016/12/24 6:59 p.m., 16 views

Cross site scripting

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS...

CVSS 4.3, AI score 7, EPSS 0.00539
Exploits: 0, References: 3, Affected Software: 1

UbuntuCve
added 2016/12/24 6:59 p.m., 23 views

CVE-2016-10006

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS...

CVSS 6.1, AI score 6.3, EPSS 0.00539
Exploits: 0, References: 2

OSV
added 2016/12/24 6:59 p.m., 7 views

CVE-2016-10006

In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code. The impact is XSS...

CVSS 6.1, AI score 6.3
Exploits: 0, References: 3

Prion
added 2016/11/04 10:59 a.m., 14 views

Unrestricted file upload

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors...

CVSS 6.5, AI score 7.7, EPSS 0.02078
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2016/05/11 10:0 a.m., 27 views

CVE-2016-1066

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different...

AI score 10, EPSS 0.02457
Exploits: 1, References: 4

Check Point Advisories
added 2016/04/13 12:0 a.m., 0 views

WordPress ACF Frontend Display Plugin Arbitrary File Upload

An Arbitrary File Upload vulnerability exists in the WordPress Advanced Custom Fields (ACF) Frontend Display Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 4.4
Exploits: 0

Prion
added 2015/09/16 2:59 p.m., 13 views

Unrestricted file upload

Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in content/private/plugins/myimage/image.php...

CVSS 6.5, AI score 8.2, EPSS 0.75253
Exploits: 2, References: 4, Affected Software: 1

n0where
added 2015/03/25 5:41 p.m., 121 views

Static Analysis Tool: Bindead

The tool is based on the dynamic instrumentation framework PIN from Intel. Currently PIN is only working with the x86 architecture. Additionally, bintrace currently is limited to the Linux platform but will be ported to Windows when there is the need to. Actually, building for Windows might work...

AI score 7.6
Exploits: 0, References: 4

RedHat Linux
added 2015/03/05 7:51 a.m., 2 views

Moderate: Red Hat Enhancement Advisory: elfutils bug fix and enhancement update

Updated elfutils packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 7. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages have been...

CVSS 6.8, AI score 5.8, EPSS 0.01832
Exploits: 0, References: 1

Cvelist
added 2015/02/19 3:0 p.m., 15 views

CVE-2015-1604

Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/...

AI score 7.3, EPSS 0.04371
Exploits: 1, References: 9

ThreatPost
added 2014/09/25 2:34 p.m., 72 views

Patching Bash Vulnerability a Challenge for ICS, SCADA

While the most urgent focus where the Bash vulnerability is concerned is around Internet-facing web servers, embedded systems and industrial control systems are not exempt from worry. Experts are concerned about Linux-based industrial control systems and SCADA equipment, in particular, that may b...

CVSS 10, AI score 0.1, EPSS 0.9422
Exploits: 130, References: 4

Prion
added 2014/08/25 4:55 p.m., 11 views

Unrestricted file upload

Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors...

CVSS 6, AI score 7.8, EPSS 0.01383
Exploits: 0, References: 2, Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m., 22 views

SGI IRIX <= 6.3 df Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/346/info A buffer overflow exists in IRIX 5.x and 6.x 'df' utility, from Silicon Graphics Inc. By supplying a long argument to the -f option of df, a user can crash the df program. By carefully crafting a buffer containin...

AI score 7.1
Exploits: 0